package cn.zzuli.securitydemo1.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import javax.annotation.Resource;
import javax.sql.DataSource;

/**
 * @Date: 2020/12/27 14:05
 * @Author: 绯色下午茶
 * @Description:
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    public DataSource dataSource;

    @Bean
    PersistentTokenRepository persistentTokenRepository(){
        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
//        jdbcTokenRepository.setCreateTableOnStartup(true);
        jdbcTokenRepository.setDataSource(dataSource);
        return jdbcTokenRepository;
    }




    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.exceptionHandling().accessDeniedPage("/unAuth.html");//没有权限跳转的页面
        http.logout().logoutUrl("/logout").logoutSuccessUrl("/login.html").permitAll();
        http.formLogin().
                loginPage("/login.html")//自定义自己编写的登陆页面

                .loginProcessingUrl("/user/login")//定义登陆访问的controller路径，*****这里随便写*****，security帮我们做好了

                .defaultSuccessUrl("/successful.html").permitAll() //登陆成功后跳转的路径

                .and().authorizeRequests()//定义哪些被保护，哪些不被保护

                .antMatchers("/", "/security/hello", "/user/login").permitAll()//这些路径不需要认证

//                .antMatchers("/security/admin").hasAuthority("admin")//只有具有admin权限才能访问
//
//                .antMatchers("/security/admin").hasAnyAuthority("consumer,admin")//只有具有admin权限才能访问
//                .antMatchers("/security/consumer").hasRole("consumer")//只有“consumer”角色才能访问
                .anyRequest().authenticated()//所有请求都可以访问

                .and().rememberMe().tokenRepository(persistentTokenRepository())//设置记住我
                    .tokenValiditySeconds(60)//设置有效时长，秒为单位
                    .userDetailsService(userDetailsService())

                .and().csrf().disable();//关闭csrf
    }

    @Resource
    private UserDetailsService myUserDetailService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailService).passwordEncoder(getPassword());

    }

    @Bean
    PasswordEncoder getPassword() {
        return new BCryptPasswordEncoder();
    }
}
